North Korean hackers behind cyber-attacks against Mexican banks

According to the United States cyber-security firm FireEye, the hacking attacks carried out last January against Mexico’s National Bank for Foreign Trade (BANCOMEXT), which generated losses of over 110 million dollars, were perpetrated by a Korean group called APT38.

According to a document issued by the cyber-security firm, titled “APT38 Unusual Suspects,” the cyber-criminal group aims to obtain resources for the North Korean regime led by Kim Jong-un.

Last May, EL UNIVERSAL reported that the hacking conducted against BANCOMEXT had only been a rehearsal to organize a much larger cyber attack on the connection of five financial institutions to the Interbank Electronic Payments System (SPEI) at the end of April, which caused losses of at least MXN$300 million, according to information provided by the Bank of Mexico (BANXICO).

FireEye’s investigation pointed out that the Korean attackers had breached at least 16 financial institutions in 11 countries and attempted to steal a total of around 1.1 billion dollars through sophisticated hacking strategies.

“Not only do they forcefully gain access and conduct operations to transfer funds in a very short period of time, the APT38 is also thought to work like an espionage operation, conducting thorough surveillance strategies within the compromised financial institutions and balancing their financially motivated goals with data collection from the systems at hand,” the document states.

In January 2018, BANCOMEXT revealed that an attack had been made on their servers, paralyzing their operation for several days. Information from the bank itself allowed authorities to stop the transfer of resources that the cyber-criminals had engaged in.

Some of APT38’s most famous attacks were made on the TP Bank in Vietnam in December 2015; the Bangladesh Bank in February 2016; the Far Eastern International Bank in Taiwan in October 2017; and the Bank of Chile in May 2016.

FireEye’s report explained that in August 2018, the attacks were focused on Cosmos Bank in India, where hackers made fake transactions at ATMs using the SWIFT transfer system. On that occasion, individual account owners were used for the attack, as well as for money laundering activities.

The document added that the APT38 attacks had focused on banks and financial institutions since at least 2014.